GHSA-jgm2-m5cg-f66g

Suggest an improvement
Source
https://github.com/advisories/GHSA-jgm2-m5cg-f66g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jgm2-m5cg-f66g/GHSA-jgm2-m5cg-f66g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jgm2-m5cg-f66g
Aliases
  • CVE-2012-3546
Published
2022-05-17T00:59:04Z
Modified
2023-11-08T03:57:06.972712Z
Summary
Authentication Bypass in Apache Tomcat
Details

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI.

Database specific
{
    "nvd_published_at": "2012-12-19T11:55:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T21:29:14Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.36

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.30